Trusting a self-generated CA system-wide on Fedora

Say you’re using FreeIPA (or perhaps you’ve generated your own CA) and you want your machines to trust it. On Fedora, you can run the following command as root against the CA certificate file:


# trust anchor rootCA.pem
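
A pre-flight check to run before the command above, as an added example that is not part of the original post: it refuses files that are not CA certificates, have expired, or do not match a fingerprint obtained out of band. The function names and the script name anchor-ca.sh are assumptions of this example.

```bash
#!/bin/sh
# Added example: sanity-check a certificate before making it a system-wide
# trust anchor. Function and script names are this example's own.

# Print the SHA-256 fingerprint of a PEM certificate as bare upper-case hex.
ca_fingerprint() {
    fp=$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null) || return 1
    printf '%s\n' "${fp#*=}" | tr -d ':' | tr 'a-f' 'A-F'
}

# check_ca_cert FILE [EXPECTED_SHA256]
# Returns 0 if FILE passes every check, otherwise:
#   1 = not a PEM X.509 certificate   2 = not marked CA:TRUE
#   3 = already expired               4 = fingerprint mismatch
check_ca_cert() {
    ca_file=$1
    ca_want=$(printf '%s' "${2:-}" | tr -d ': ' | tr 'a-f' 'A-F')

    openssl x509 -in "$ca_file" -noout 2>/dev/null ||
        { echo "$ca_file: not a PEM certificate" >&2; return 1; }

    # A leaf certificate must never become a trust anchor.
    openssl x509 -in "$ca_file" -noout -ext basicConstraints 2>/dev/null |
        grep -q 'CA:TRUE' ||
        { echo "$ca_file: basicConstraints is not CA:TRUE" >&2; return 2; }

    # -checkend 0 fails if the certificate has already expired.
    openssl x509 -in "$ca_file" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "$ca_file: certificate has expired" >&2; return 3; }

    # Compare against a fingerprint obtained out of band (e.g. from the CA admin).
    if [ -n "$ca_want" ] && [ "$(ca_fingerprint "$ca_file")" != "$ca_want" ]; then
        echo "$ca_file: fingerprint does not match the expected value" >&2
        return 4
    fi
    return 0
}

# Usage (as root): ./anchor-ca.sh rootCA.pem [EXPECTED_SHA256]
if [ "$#" -ge 1 ]; then
    check_ca_cert "$1" "${2:-}" && trust anchor "$1" &&
        trust list --filter=ca-anchors   # confirm the new anchor is listed
fi
```
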

2 Responses to “Trusting a self-generated CA system-wide on Fedora”


  • NeverAnonymousDavid

    Hey Chris,

    Thanks for this. I wouldn’t have found the p11-glue packages in Fedora (and RHEL/CentOS 7) had I not read this.

    Out of interest, how did you come across this command?

    All my searching for trusting root certificates (in Red Hat flavoured operating systems) seemed to indicate that the ‘update-ca-trust’ command, provided by the ‘Mozilla CA root certificate bundle’ package, was the only way.
    After reading your blog I can see that the p11-glue packages were first added to Fedora in version 19.

    Anyway I ask as, aside from one less step, I’m not sure what the benefit is of this over using ‘update-ca-trust’.

    David

  • Hi David, I think I googled it when I was wanting to trust some certificates more widely on a few systems. I guess both commands work 🙂
